Sheila E. Frankel, Richard Graveman, John Pearce, Mark Rooks
Due to the exhaustion of IPv4 address space, and the Office of Management and Budget (OMB) mandate that U.S. federal agencies begin to use the IPv6 protocol, NIST undertook the development of a guide to help educate federal agencies about the possible security risks during their initial IPv6 deployment. Since IPv6 is not backwards compatible with IPv4, organizations will have to change their network infrastructure and systems to deploy IPv6. Organizations should begin now to understand the risks of deploying IPv6, as well as strategies to mitigate such risks. Detailed planning will enable an organization to navigate the process smoothly and securely. This document provides guidelines for organizations to aid in securely deploying IPv6. The goals of this document are to: educate the reader about IPv6 features and the security impacts of those features; provide a comprehensive survey of mechanisms that can be used for the deployment of IPv6; and provide a suggested deployment strategy for moving to an IPv6 environment. After reviewing this document, the reader should have a reasonable understanding of IPv6 and how it compares to IPv4, security impacts of IPv6 features and capabilities, as-yet unknown impacts of IPv6 deployment, and increased knowledge and awareness about the range of IPv4 to IPv6 transition mechanisms.